Standard 4

You should not disclose confidential information to persons outside the company unless they have a legitimate need for the information and they have been properly authorized by company management to receive it. In order to protect confidential information, you should take reasonable steps to ensure that it cannot be intentionally or inadvertently discovered by persons outside the company. This requires you to take reasonable steps to safeguard confidential information, such as keeping confidential data in a secured location in your office or work area and not discussing confidential information with co-workers in public areas, such as elevators and taxicabs.

Confidential information includes information related to the company's business strategies and operations that have not been publicly released. It consists of information such as pricing and financial data, marketing strategies, proprietary computer software, inventions, information about planned mergers or acquisitions, information about our fellow employees, and information about our subcontractors and vendors. It also includes medical records and other types of patient data, the confidentiality of which is generally protected under state law.

The company has or will have formal privacy policies, such as the Patient Specific Medical Information Policy and policies adopted to comply with HIPAA. Employees dealing with any information subject to these policies should be familiar with them and abide by them at all times.